Which configurable SRX Series device feature allows you to capture transit traffic?
A.
archival
B.
packet-capture
C.
syslog
D.
traceoptions
Which configurable SRX Series device feature allows you to capture transit traffic?
Which configurable SRX Series device feature allows you to capture transit traffic?
Not true !
Answer B !
1- configure sample filter
2- user@srx% tcpdump -r -w pcap.fe-0.0.7
>>> AJSEC book part 2 of 2 chapter 9 page 37
packet-capture can not capture the transit traffic according to this
https://junipernetworkguide.wordpress.com/2014/09/28/junipers-basic-questions/
No way .. rather than this .. there no word”capture” in the link you provided .
after all , refer to this : http://forums.juniper.net/t5/Junos/JUNOS-9-0-and-Monitoring-Traffic/td-p/5710
in order to capture transit traffic you need IPS rule with “sample” action and then use wireshark to analize the PCAP file .
Ahmed , where is it written ? could you spicify the line ?
Answer is “B”. Chapter 9 – pag 37
I think it is packet-capture , check the below link at Packet Capture for transit traffic through the SRX (packet-capture) section :
http://kb.juniper.net/InfoCenter/index?page=content&id=kb15779&actp=search#Packet_Capture_THROUGH_the_SRX
B
On branch SRX, packet capture can be done using “set forwarding-options packet-capture” with “firewall filter”. Firewall filter rules does transit packet identification here.
On high-end SRX, “set security datapath-debug” with “traceoptions file” can do transit packet capture.
This is a bloody confusing question. So both B and D are correct.
References:
High-end SRX >> https://kb.juniper.net/InfoCenter/index?page=content&id=KB21563&actp=search
Branch SRX >> https://kb.juniper.net/InfoCenter/index?page=content&id=KB11709&actp=search